Anti-Attack Configuration Commands


Chapter 1 Anti-Attack Configuration Commands 


1.1. Anti-Attack Configuration Commands 


1.1.1 filter period time 


Syntax 


To configure the attack checkup period, run the following command. To return to the
default setting, use the no form of this command.
filter period time 


no filter period 


Parameters 


Parameters Description

time Stands for the attack-proof checkup period, in seconds. If the
number of packets transmitted by the attack source exceeds the
designated number in the checkup period, the attack source is considered
to have triggered an attack.
Value range: 1-600 second(s)


Default Value 

The default time is 10 seconds. 
Command Mode 

Global configuration mode 
Usage Guidelines 

None 


Example 


Switch_config# filter period 15 
Related Command
filter threshold 


1.1.2 filter threshold


Syntax 


To configure the threshold that must be exceeded before the system treats traffic as an
attack, run the following command. Set the threshold separately for each packet type. To
return to the default setting, use the no form of this command.

filter threshold type value 


no filter threshold type 


Parameters 
Parameters Description 
type Packet type, including ARP, BPDU, DHCP, IGMP and ICMP. 
value Stands for the number of packets received within one attack-proof checkup
period before the system treats the traffic as an attack.
Value range: 5-2000


Default Value 

The default value is 1000 packets. 
Command Mode 

Global configuration mode 
Usage Guidelines 

None 


Example 
Switch_config# filter threshold ip 1500 


Related Command 


filter period 
1.1.3 filter block-time value


Syntax 


To configure how long an attack source is blocked, use the filter block-time value command.
To return to the default setting, use the no form of this command.


filter block-time value 


no filter block-time 


Parameters 
Parameters Description 
value Stands for the time for which the attack source is blocked after the attack is
detected. Its unit is second.
Value range: 1-86400


Default Value 

The default value is 300 seconds. 
Command Mode 

Global configuration mode 
Usage Guidelines 

None 


Example 
Switch_config# filter block-time 600 


Related Command 


filter period 


filter threshold 


1.1.4 filter polling period


Syntax 


To configure the period of the attack source polling check in the hybrid mode, run the 
following command. To return to the default setting, use the no form of this command. 
filter polling period time


no filter polling period 


Parameters 


Parameters Description 


time The period of the polling check that runs after the attack source is blocked.
Unit: second
Value range: 1-600


Default Value 

The default time is 10 seconds. 
Command Mode 

Global configuration mode 
Usage Guidelines 

None 


Example 
Switch_config# filter polling period 20 


Related Command 


filter polling threshold 


filter polling auto-fit 


1.1.5 filter polling threshold


Syntax 


To configure the filter polling threshold in the hybrid mode, run the following command. 
Vary your configuration in terms of the packet type. To return to the default setting, use 
the no form of this command. 

filter polling threshold type value


no filter polling threshold type 
Parameters
Parameters Description 
type Packet type, including ARP, BPDU, DHCP, IGMP and ICMP. 
value The attack source is considered to still exist if this number of packets
(1-2000) is received within any polling period.
Value range: 1-2000


Default Value 

The default value is 750 packets. 
Command Mode 

Global configuration mode 
Usage Guidelines 

None 


Example 
Switch_config# filter polling threshold ip 1500 
Related Command 


filter polling period 


filter polling auto-fit 


1.1.6 filter polling auto-fit


Syntax 


To automatically fit the polling detection period and threshold, run the following command.
The command is in effect by default. With auto-fit, the polling period equals the attack filter
period and the polling packet threshold equals 3/4 of the attack filter packet threshold.
To return to the default setting, use the no form of this command.

filter polling auto-fit 


no filter polling auto-fit 
Parameters 


None 
Command Mode

Global configuration mode 
Usage Guidelines 

None 


Example 
Switch_config# filter polling auto-fit 


Related Command 


filter polling period 


filter polling threshold 


1.1.7 filter igmp


Syntax 


To enable IGMP attack detection, run the following command. To return to the default
setting, use the no form of this command.


filter igmp 


no filter igmp 
Parameters 

None 
Command Mode 

Global configuration mode 
Usage Guidelines 


None 
Example
Switch_config# filter igmp 


Related Command 


filter enable 


1.1.8 filter ip source-ip


Syntax 


To enable IP attack detection, run this command. To disable IP attack detection, use the 
no form of this command. 


filter ip source-ip 


no filter ip source-ip 
Parameters 
None 
Command Mode 
Global configuration mode and UP interface configuration mode. 
Usage Guidelines 
The command takes effect when both the global configuration and the uplink port are configured.


Example 


Switch_config# filter ip source-ip 
Switch_config# interface g0/1 
Switch_config_g0/1# filter ip source-ip


Related Command 


filter enable 
1.1.9 filter icmp


Syntax 


To enable ICMP attack detection, run the following command. To disable ICMP attack 
detection, use the no form of this command. 


filter icmp 


no filter icmp 
Parameters 
None 
Command Mode 
Global configuration mode and UP interface configuration mode. 
Usage Guidelines 
The command takes effect when both the global configuration and the uplink port are configured.


Example 


Switch_config# filter icmp 
Switch_config# interface g0/1 
Switch_config_g0/1# filter icmp


Related Command 


filter enable 


1.1.10 filter dhcp 


Syntax 


To enable DHCP attack detection, run the following command. To disable DHCP attack
detection, use the no form of this command.


filter dhcp 


no filter dhcp 
Parameters
None 
Command Mode 
Global configuration mode and UP interface configuration mode. 
Usage Guidelines 
The command takes effect in the global configuration mode and the uplink port mode. 


Example 


Switch_config# filter dhcp 
Switch_config# interface g0/1 
Switch_config_g0/1# filter dhcp


Related Command 
filter enable 


1.1.11 filter arp


Syntax 


To enable the ARP attack detection, run the following command. To disable ARP attack 
detection, use the no form of this command. 


filter arp 


no filter arp 
Parameters 

None 
Command Mode 

Uplink port configuration mode 
Usage Guidelines 


None 
Example
Switch_config_g0/1# filter arp 


Related Command 


filter enable 


1.1.12 filter bpdu


Syntax 


To enable the BPDU attack detection, run this command. To return to the default setting, 
use the no form of this command. 


filter bpdu 


no filter bpdu 
Parameters 

None 
Command Mode 

UP interface configuration mode 
Usage Guidelines 

None 


Example 
Switch_config_g0/1# filter bpdu 


Related Command 


filter enable 


1.1.13 filter mode 


Syntax 


To configure the filter mode, run the following command. 


filter mode [ raw | hybrid ] 
Parameters
Parameters Description 
raw To configure Filter as Raw mode. 
hybrid To configure Filter as Hybrid mode. 


Default Value 

Hybrid mode 
Command Mode 

Global configuration mode 
Usage Guidelines 

None 


Example 
Switch_config# filter mode raw 


Related Command 
filter enable 


1.1.14 filter enable


To enable the attack detection function, run this command in global mode. To return to 
the default setting, use the no form of this command. 


filter enable 


no filter enable 
Parameters 

None 
Command Mode 


Global configuration mode 
Usage Guidelines
None 


Example 
Switch_config# filter enable 


Related Command 
None 
1.1.15 show filter


To display the working state of the attack-proof function of the current OLT, run this 
command. 


show filter 


To display the working state of the anti-attack feature of the current OLT, use the show filter
command.


show filter summary 
Parameters 

None 
Command Mode 

Other modes except the user mode 
Usage Guidelines 

None 


Example 


Switch#show filter 

Filter threshold: 1000 packet in any 10 seconds 
Filters blocked: 

Address seconds source interface 
00a0.0c13.647d 27.0 gigaEthernet 0/2 


Filters counting: 


Address seconds count source interface 
00a0.0c43.647d 1.84 371 gigaEthernet 0/2 
Filters blocked: indicates the MAC address of the blocked attack source, the blocked time and
the source interface.


Filters counting: indicates the MAC address of the attack source, the counting time, the number
of received packets and the source interface.
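
Added example (not part of the original manual or the vendor's software): a Python check of a saved configuration against the value ranges, defaults and placement rules documented in sections 1.1.1 to 1.1.14. It assumes interface sub-commands are indented, that the 3/4 auto-fit rule rounds down, and that auto-fit decides the polling values while it is on; SAMPLE is a constructed configuration.

```python
import re

# Ranges from sections 1.1.1-1.1.5 of this reference; keys are command names.
RANGES = {"period": (1, 600), "threshold": (5, 2000), "block-time": (1, 86400),
          "polling period": (1, 600), "polling threshold": (1, 2000)}
NEEDS_BOTH = ("ip source-ip", "icmp", "dhcp")   # global + uplink port (1.1.8-1.1.10)
NUM = re.compile(r"(polling )?(period|block-time|threshold)(?: (\w+))? (\d+)")
# Constructed sample configuration, not taken from a real device.
SAMPLE = ("filter period 15\nfilter threshold arp 800\nfilter block-time 90000\n"
          "filter icmp\nfilter dhcp\ninterface g0/1\n filter dhcp\n filter arp\n")

def audit(config):
    """Parse 'filter' lines; return (vals, flags, findings)."""
    vals, findings = {}, []
    flags = {"enable": False, "auto_fit": True, "global": set(), "uplink": set()}
    ctx = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():       # assumption: interface sub-commands are indented
            ctx = line.split()[1] if line.startswith("interface ") else None
        m = re.fullmatch(r"(no )?filter (.+)", line)
        if not m:
            continue
        on, body = m.group(1) is None, m.group(2)
        n = NUM.fullmatch(body)
        if n and on:
            key, val = (n.group(1) or "") + n.group(2), int(n.group(4))
            lo, hi = RANGES.get(key, (val, val))
            if not lo <= val <= hi:
                findings.append(f"'{line}': {val} outside documented range {lo}-{hi}")
            vals[(key, n.group(3))] = val
        elif body == "enable":
            flags["enable"] = on
        elif body == "polling auto-fit":
            flags["auto_fit"] = on
        elif on:
            flags["uplink" if ctx else "global"].add(body)
    if not flags["enable"]:
        findings.append("'filter enable' is absent: attack detection is not enabled")
    for t in NEEDS_BOTH:
        if (t in flags["global"]) != (t in flags["uplink"]):
            findings.append(f"'filter {t}' must be set globally and on the uplink port")
    return vals, flags, findings

def effective_polling(vals, flags, ptype):
    """(period, threshold) used when polling a blocked source of packet type ptype."""
    if flags["auto_fit"]:   # 1.1.6: period = filter period, threshold = 3/4 of threshold
        return vals.get(("period", None), 10), vals.get(("threshold", ptype), 1000) * 3 // 4
    return vals.get(("polling period", None), 10), vals.get(("polling threshold", ptype), 750)
```

For SAMPLE, audit() reports the out-of-range block time, the missing filter enable, and filter icmp configured globally but not on the uplink port.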